Vodafone sources claim Huawei created a "backdoor" for its home routers and network switching equipment and then lied about removing it

Originally published at: https://boingboing.net/2019/04/30/attribution-is-hard.html

2 Likes

AFAICT, the current foofaraw about Huawei spying on people is a straightforward outgrowth of Turmp’s bullshit “trade war”, rather than any particular evidence.

That’s not to say that China / Huawei wouldn’t do such a thing, but if they did (or have), I am certain they could do it much more competently than by introducing an unsecured telnet interface that’s open to anyone. Even if the backdoor claim happens to be true, the real backdoor is presumably undiscovered, and this story hasn’t revealed it.

It’s no bad thing if attention is drawn to shitty products, but let’s be clear – Turmp’s lies about Huawei spying on you are almost certainly just lies.

PS “Vodafone”

8 Likes

It’s almost like doing serious business and working with shitty fascists to save a few bucks is a bad idea.

Hilariously, the Trump Admin wants to re-start the boycott of Cuba, but American companies looooove working with Chinese Commu-Fascists to make, well, everything. Again, why is a small nation of communists worse than a big one? Oh, right, because Chinese-Americans aren’t located in one place and foaming to vote Republican.

Seriously, all I want is a little consistency never mind morality.

2 Likes

The reports from U.S. agencies concerning Huawei predate Trump. That said, I’ve been skeptical about this story from the beginning. It felt like the NSA was pointing the finger at Huawei for doing what they do. We have evidence that the NSA is installing back doors so where is the evidence that Huawei does the same?
Right now I’d like to know if anyone with a Huawei device can see this “hidden” telnet service by running display telnet server status on their device. If either the IPv4 or IPv6 server is enabled, disable it telnet server disable and test again. If disabling it does not close the hole, then this is a real issue. If it does close the hole, this is a BS story.

7 Likes

I wouldn’t be satisfied with that. It means only one signal has to get in by some other means - and if they have THIS gaping stupid security hole, what others are there - and it’s easy to turn back on, after which total control is very easy.

Please note that concerned people don’t “make sure their screen camera is turned off” - they cover the damn thing with black tape, because who knows whether it can be turned back on?

Also, the protocol existing at all: Telnet is a zombie, still walking more than 20 years after SSH made it utterly obsolete and never-to-be-used-again - I just can’t support with my dollars anybody who uses telnet for anything, actually builds a new device in the 21st century that uses telnet. Death to telnet.

2 Likes

But parenthetically, it’s highly amusing to see our two profile pictures sending stuff at each other.

3 Likes

I wish this came from somebody other than Bloomberg. Until I see it confirmed or reported by a reputable outlet it’s hard for me to take it seriously.

1 Like

The continuing market/trade war, served on a political plate. In the end, it’s about money.

If telnet can be disabled, it’s a moot point and without router access, what method is being used to turn it back on? If it actually cannot be disabled, then this story has legs.

That’s F.U.D. at work for you. Don’t alter your behavior over F.U.D.

Ditto

edit to add

Cisco still has telnet. Most of the router/switch config I do is via telnet.

2 Likes

Huawei says they use telnet to configure the boxes during manufacture (client customizations, etc.). They could add a last step of turning it off, but that means the inventory is now locked to a vendor and if it doesn’t sell, they have to crack the boxes open or do something else to reprogram them all.

I agree that telnet was a poor choice of how to do that, but the more secure way–an encrypted protocol where Hauwei has a private key and the device verified commands with the public key associated with it–would have looked extremely scarry to fear mongers. “Huawei has a secret backdoor to take over hardware!!!” And it would be true–to the extent that it would be possible for them to do it, but the motivation is still asserted not proved.

I don’t trust Huawei
I don’t trust Vodafone
I don’t trust Bloomberg’s tech reporting

Cant decide who I don’t trust the least.

8 Likes

Obviously, no one has seen the refutation from Vodaphone… There was a telnet interface used to diagnostics left turned on, and they knew about it. Seriously, what is going on at Bloomberg?

Telnet still has its uses. I mostly use it to debug protocols and send test packets. Though, I would never use this for something in production or exposed to the outside world.

1 Like

According to The Register the “backdoor” was a LAN-facing telnet interface for debugging that was not listening on the WAN side of the router. Taking into accounts that telnet might be old-fashioned but still is the next thing to the good old serial debugging consoles that have been in active network components since the late neolithicum the whole affair looks even more like one more bullshitty FUD from Bloomberg. Or like technically incompetent nonsense from Vodaf…one.

They do seem to keep forgetting about stuff

How can it be a cost saving when Vodaphone will lose every customer who is even vaguely security conscious.

2 Likes

Oh dear. Secret Huawei enterprise router snoop ‘backdoor’ was Telnet service, sighs Vodafone

1 Like

Telnet has its place; you just don’t want to see it beyond that place: it’s unacceptable anywhere SSH should be; but it’s simple, lightweight, and ubiquitously supported; which makes it the best option for common “I need a serial console but have a NIC” use cases; especially recovery or initial setup ones where the system either doesn’t have credentials and certs available or has factory default ones; and so one of the ‘secure’ options either lacks keying material it needs or is using default material that anyone who cares knows.

A good, honest, physical serial console port is, of course, preferred; but on devices that don’t have those talking to the bootloader or first stage setup over telnet as though over a serial console isn’t really a bad thing(you obviously don’t expose your chat to the broader network, that would be bad).

There’s no excuse for telnet to be left dangling in the breeze once things are set up; that is a terrible plan(and while you could make telnet safe with sufficient tunneling there isn’t much point; you’d be doing more work than SSH requires to achieve an oddball result; only excuse would be if you had to deal with something legacy and irreplaceable that needs to be coddled and protected until it finally dies).

All that said, consumer routers distributed by ISPs tend to be a bit of a backdoor horror show because ISPs want to be able to manage them and be able to answer people’s dumb questions about forgotten wifi passwords and such. You normally don’t use goddamn telnet for that, though. More common to find that TR-069/CPWMP is silently active and mandatory on such gear.

This episode seems to fit with reports of Huawei being…engineered right down to price…but isn’t really a departure from industry norms for shoddy routers.

And there is the problem. Trust. You shouldn’t have to trust reporting because it should not be reported the way it was. Bloomberg decided to publish a story about a security problem that needs addressing as if it were some sort of secret conspiracy but they didn’t do their due diligence and find out if it was true, an actual problem, or even if it could be remediated. It’s just a fear mongering fluff piece. A low energy bit of sloppy and lazy journalism that shouldn’t have been published IMO.

I think there are too many questions and too much doubt to trust Huawei regardless of the reporting in this one story. Not unlike how I don’t trust 45 despite there being “no hard facts” against him. Huawei has given me no reason to trust them and there’s little reason to doubt the details in the Bloomberg article just because Huawei denied it. 45 denies allot also and because he lies so much it’s impossible to sort the truth. That’s the game Huawei seems to be paying and it’s SOP for Chinese businesses.